There are several options for setting up CI (continuous integration) for PHP. Some of your options include Hudson (now owned by Oracle), Jenkins (the fork from Hudson), PHPUnderControl, and CruiseControl to name a few. While they each have their strengths, I wanted something that would be easy to use and have a company backing. Through my searching I found TeamCity.

Team City is free to use for you first 20 build configurations (that is the only limit), after that you could make a new server to service your additional builds or actually pay for it.

This part of the two part series will cover the setup and configuration of TeamCity in the following sections below:

Post Setup

This section will cover the various things that need to be setup on our server before we can install and configure TeamCity.

Apt-get Installs

To begin, we need to install several packages using apt-get (you could also use aptitude if you want). These installs will cover PHP, Apache, subversion, and other libraries/applications. To install each of these packages below simply type “sudo apt-get install <package-name>”

ant

build-essential

libtcnative-1 (this installs the Apache APR module)

openssl

php-pear

php5

php5-cli

php5-curl

php5-dev

subversion

Installing Java JDK 6

Java no longer is included with Ubuntu out of the box and only OpenJDK is in the package repository. This creates a problem as TeamCity doesn’t work with OpenJDK. However, it will work with Java JDK 6 (update 32) at the time of this posts writing. Fortunately, installing Java from Oracle is rather painless, but you will need sudo to do these commands.

Download the latest JDK 6 Update from here (I use the .bin files as they are the easiest to install, so grab one of those, either x86 or x64 depending on your architecture).

Go to where you downloaded the the bin file and make it executable by doing the following

chmod +x jdk-6u32-linux-x64.bin

Run the binary. This will extract the files into a directory like jdk1.6.0_32

./jdk-6u32-linux-x64.bin

Create a directory to put java in

mkdir /usr/lib/jvm

Move the java directory to the new on and rename it to something nicer

For each of the lines above you will need to configure the default to use by executing the following lines and choosing the path to your new java install from the given list. Note that if this is your only install of java for this system, you can skip this step.

Before First Launch

There is not much you can configure before the first launch of TeamCity; however, we can configure what port it is going to use. For this installation I intend to authenticate off of Active Directory and I do not want those accounts going over the wire in plain text so SSL needs to be configured.

Edit the server.xml

vim /opt/TeamCity/conf/server.xml

In the section for SSL connector add the following connector (you can find this section by searching for SSL)

Notice that there are not quotes. The reason for this is TeamCity automatically quotes the values for you. If you add quotes, it will fail authentication.

Authenticating to LDAP

Authenticating against LDAP is pretty easy; however, it gets a bit tricky when you want to use a secure connection (LDAP with SSL). In the following sections I will show you how to install the SSL certificate from an Active Directory domain controller and how to configure TeamCity to use LDAPS.

Importing the LDAPS Certificate

Before we can authenticate using LDAPS, we have to import the certificate that the domain controller is using so Java will trust it. Method 1 is pretty easy to do and relatively painless, but does require you to download an additional Java tool. If you do not want to install any additional Java tools and you have access to the DC. You can manually export the certificate from each DC and import tem into the Java keystore using Method 2.

You will be prompted for the password to the cacerts keystore and the jssecacerts keystore. Enter the password changeit
Once this is done, you should see a status message saying something around 78 entries where imported.

Method 2: Exporting the Cert from AD and Importing it With Keytool

From a Windows workstation open a run prompt (windows key + r)

Enter mmc and press ok

Go to File -> Add/Remove Snapin..

From the “Available snap-ins” list on the left select “Certificates”

Click the “Add >” button to add Certificates to the Selected snap-ins list on the right

Select “Computer Account” from the options.

Select Local computer if you are on the serve that has the certificate, else select “Another Computer” and enter the host name for the domain controller to get the certificate from

copy the file ldap-config.properties.dist to ldap-config.properties or just create the file and go to the next step.

cp ldap-config.properties.dist ldap-config.properties

Edit ldap-config.properties and set the following lines. If you just created the file, then just set it to the contents below

# The server(s) to auth against
java.naming.provider.url=ldaps://example.com:636/DC=example,DC=com
# The account to use to search for accounts in LDAP and read their data
java.naming.security.principal=CN=username,CN=Users,DC=example,DC=com
java.naming.security.credentials=secret_password
# The base dn to use when searching for users (if your accounts are all over, just leave it blank)
teamcity.users.base=CN=users
# Handles setting the user name. acceptedLogin has Teamcity use the username in LDAP. You should use
# this if you cannot filter your usernames because of how they are constructed
teamcity.users.acceptedLogin=
# Sets the username in team city to the one in LDAP
teamcity.users.username=sAMAccountName
# Disallow slashes and @s in the username given at login
teamcity.auth.loginFilter=[^/\\\\@]+
# Synchronize the user against ldap (this runs every hour)
teamcity.options.users.synchronize=true
# Filter what users to match in sync
teamcity.users.filter=(objectClass=user)
# Don't sync groups
teamcity.options.groups.synchronize=false
# Don't create or delete users during synchronization.
teamcity.options.createUsers=false
teamcity.options.deleteUsers=false
# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout = 3600000
# The name of LDAP attribute to retrieve user's full name
teamcity.users.property.displayName=displayName
# The name of LDAP attribute to retrieve user's email
teamcity.users.property.email=mail
# Tell team city to only sync users in team city against LDAP (if you have a lot of users in LDAP, this should be turned on).
# Only look at 100 users at a time
teamcity.users.syncOnlyTeamcityUsers=true
teamcity.users.filterPackSize=100

The server will say that the configuration has changed and that it needs a code from the log file. Get the last ten lines from the server log to get the code.

tail /opt/TeamCity/logs/teamcity-server.log

The code should be in the output. Copy this code and past it into the field in your browser and click proceed

You will now be prompted to login. The account you do this initial login with will be an administrative account.

Configuring Apache to Redirect to Teamcity

This section will cover how to setup Apache to take a url like yourserver.domain.com/teamcity and redirect it to yourServer.domain.com:8443/teamcity. Users do not want to remember port numbers, so this will be a welcome step for them. Also if you setup your DNS records correctly, you could even make the teamcity site something like teamcity.domain.com.

1 Trackback or Pingback for this entry:

[…] Before setting up our CI process, we’ll assume that you already have a PHP environment with PEAR, PHPUnit and Phing installed. If not, now is the time. You can find more info on installing TeamCity on Linux and on configuring your PHP environment through this blog post. […]